Many circuits include measures to prevent secret data from being read out. This is necessary particularly when security-critical data are processed, as is often the case with smartcards. Smartcards are used as an authentication tool or for banking applications, which increases the security requirements. Measures for restricting access are implemented at the level of an operating system or an application by limiting access to specific address ranges or specific addresses. These protective measures can be used to ensure that only specific users or specific applications can access security-critical data.
Attackers pursue the aim of overcoming the implemented security measures and of obtaining access to secret data. A further aim may be to obtain insights about the construction of the circuit.
In the past, the aim of defense has been to prevent, or at least make more difficult, the analysis and manipulation of integrated circuits by means of the specific construction of the circuit. Attempts to achieve this aim have involved, on the one hand, concealed structuring of the critical lines in the wiring plan and, on the other hand, application of a dedicated, covering protective plane above the relevant wiring planes. In these protective planes, called “shields”, meandering or lattice-shaped lines are realized, e.g. in pairs. If these lines are interrupted or short-circuited while different voltages are present on them, the detecting sensor initiates an erasure of the memory, a reset, or the nonfunctionality of other circuit sections. These lines, referred to as “passive”, can likewise be embodied as unconnected, voltageless lines. In this case, they serve merely to increase the complexity of an attack or to cause confusion.
The security of the components can be increased further by replacing the passive lines described above with so-called active lines in the design of the wiring plan. With active lines, drive circuits apply signals to the lines of the shield, and evaluation circuits analyze these signals and compare them, e.g., with reference signals. Because the signals can vary, the shield can in this case only be circumvented by the very complicated laying of a bypass line and by the application of the focused ion beam (FIB) method.
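The drive-and-compare principle of an active shield can be shown with a small behavioural model. This is an added example, not part of the original text; the function names, the pull-down behaviour of an interrupted line and the wired-AND behaviour of two bridged lines are assumptions of the model.

```python
import random

OPEN, SHORT = "open", "short"  # fault kinds of this model (assumed names)

def random_patterns(n_lines, cycles, seed=1):
    """Drive circuit: one fresh bit per shield line and cycle.
    Seeded only so that the example is reproducible."""
    rng = random.Random(seed)
    return [[rng.getrandbits(1) for _ in range(n_lines)] for _ in range(cycles)]

def propagate(sent, fault=None):
    """Shield lines between the drive circuit and the evaluation circuit.
    (OPEN, i):  line i is interrupted; its far end reads 0 (assumed pull-down).
    (SHORT, i): lines i and i+1 are bridged; both read the AND of the two
                driven levels (assumed wired-AND behaviour)."""
    recv = list(sent)
    if fault is not None:
        kind, i = fault
        if kind == OPEN:
            recv[i] = 0
        elif kind == SHORT:
            recv[i] = recv[i + 1] = sent[i] & sent[i + 1]
    return recv

def first_alarm(patterns, fault=None):
    """Evaluation circuit: compare the received levels with the reference
    (the driven pattern) in every cycle. Returns the first cycle with a
    mismatch, or None if the shield looked intact throughout."""
    for cycle, reference in enumerate(patterns):
        if propagate(reference, fault) != reference:
            return cycle
    return None

if __name__ == "__main__":
    patterns = random_patterns(n_lines=8, cycles=64)
    for fault in (None, (OPEN, 3), (SHORT, 5)):
        print(fault, "-> first alarm in cycle", first_alarm(patterns, fault))
```

A fault raises the alarm only in a cycle whose driven pattern exercises it, which is why the evaluation depends on the signals varying from cycle to cycle.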
In the case of attacks using ionizing radiation, targeted fluctuations of the supply voltage, or the manipulation of clock edges, one possibility for defense consists in detecting the causes of the manipulations, that is to say, in identifying the ionizing radiation or the supply voltage fluctuations. This requires specially provided sensors that are sensitive to the various types of attack in various attack scenarios. That means, for example, that the radiation or supply voltage fluctuations are measured and evaluated by a control circuit. The sensors are sensitive only to a limited set of attacks; consequently, new attacks to which the set of sensors of a cryptocontroller is not sensitive, for example, will lead with some probability to a successful fault attack. The number of sensors for an integrated circuit with high security requirements has to be very high. If only a few sensors are provided, no protection is afforded against “local radiation attacks” on individual memory cells or gates, or on a few of them.